12 matches found
CVE-2022-45138
The configuration backend of the web-based management can be used by unauthenticated users, although only authenticated users should be able to use the API. The vulnerability allows an unauthenticated attacker to read and set several device parameters that can lead to full compromise of the devic...
CVE-2022-45140
The configuration backend allows an unauthenticated user to write arbitrary data with root privileges to the storage, which could lead to unauthenticated remote code execution and full system compromise...
Wago Multiple Products Web-based Management Cross-site Scripting (CVE-2022-45137)
The configuration backend of the web-based management is vulnerable to reflected cross-site scripting (XSS) attacks that target the user's browser. This leads to a limited impact on confidentiality and integrity but no impact on availability. This plugin only works with Tenable.ot. Please visit...
CVE-2022-45137
The configuration backend of the web-based management is vulnerable to reflected cross-site scripting (XSS) attacks that target the user's browser. This leads to a limited impact on confidentiality and integrity but no impact on availability...
CVE-2022-45140
The configuration backend allows an unauthenticated user to write arbitrary data with root privileges to the storage, which could lead to unauthenticated remote code execution and full system compromise...
Remote code execution
The configuration backend allows an unauthenticated user to write arbitrary data with root privileges to the storage, which could lead to unauthenticated remote code execution and full system compromise...
CVE-2022-45140 WAGO: Missing Authentication for Critical Function
The configuration backend allows an unauthenticated user to write arbitrary data with root privileges to the storage, which could lead to unauthenticated remote code execution and full system compromise...
CVE-2022-45140
CVE-2022-45140 affects WAGO products (e.g., PFC100, CC100, Edge Controller, PFC200, Touch Panel 600 series) where the configuration backend allows an unauthenticated user to write arbitrary data to storage with root privileges, enabling unauthenticated remote code execution and full system compro...
CVE-2022-45137
The CVE-2022-45137 entry corresponds to a WAGO cross-site scripting vulnerability: reflected XSS in the configuration backend of the web-based management interface. Affected products include WAGO PFC100/PFC200, CC100, Edge Controller, and Touch Panel 600 series. Impact is limited to confidentiali...
PT-2023-2007 · Wago · Wago Cc100 +3
Name of the Vulnerable Software and Affected Versions: WAGO PFC100/PFC200 (affected versions not specified); WAGO CC100 (affected versions not specified); WAGO Edge Controller (affected versions not specified); WAGO Touch Panel 600 (affected versions not specified)...
Information Disclosure
TYPO3 is vulnerable to information disclosure. The vulnerability exists because the library does not properly handle user-submitted YAML placeholder expressions in the site configuration backend module, which allows an attacker to access sensitive information of the system...
Information disclosure
TYPO3 is an open source PHP based web content management system. Versions prior to 9.5.38, 10.4.33, 11.5.20, and 12.1.1 are subject to Sensitive Information Disclosure. Due to the lack of handling user-submitted YAML placeholder expressions in the site configuration backend module, attackers coul...